Advances in Cryptology - CRYPTO 2009

Volume 5677 of the series Lecture Notes in Computer Science pp 466-486

Asymptotically Good Ideal Linear Secret Sharing with Strong Multiplication over Any Fixed Finite Field

  • Ignacio Cascudo (Department of Mathematics, University of Oviedo)
  • Hao Chen (Software Engineering Institute, East China Normal University)
  • Ronald Cramer (CWI, Amsterdam & Mathematical Institute, Leiden University)
  • Chaoping Xing (Division of Mathematical Sciences, Nanyang Technological University)


This work deals with “MPC-friendly” linear secret sharing schemes (LSSS), a mathematical primitive upon which secure multi-party computation (MPC) can be based and which was introduced by Cramer, Damgård and Maurer (EUROCRYPT 2000). Chen and Cramer proposed a special class of such schemes that is constructed from algebraic geometry and that enables efficient secure multi-party computation over fixed finite fields (CRYPTO 2006). We extend this in four ways. First, we propose an abstract coding-theoretic framework in which this class of schemes and its (asymptotic) properties can be cast and analyzed. Second, we show that for every finite field \({\mathbb F}_q\), there exists an infinite family of LSSS over \({\mathbb F}_q\) that is asymptotically good in the following sense: the schemes are “ideal,” i.e., each share consists of a single \({\mathbb F}_q\)-element, and the schemes have t-strong multiplication on n players, where the corruption tolerance \(\frac{3t}{n-1}\) tends to a constant ν(q) with 0 < ν(q) < 1 when n tends to infinity. Moreover, when \(|{\mathbb F}_q|\) tends to infinity, ν(q) tends to 1, which is optimal. This leads to explicit lower bounds on \(\widehat{\tau}(q)\), our measure of asymptotic optimal corruption tolerance. We achieve this by combining the results of Chen and Cramer with a dedicated field-descent method. In particular, in the \({\mathbb F}_2\)-case there exists a family of binary t-strongly multiplicative ideal LSSS with \(\frac{3t}{n-1}\approx 2.86\%\) when n tends to infinity, a one-bit secret and just a one-bit share for every player. Previously, such results were shown for \({\mathbb F}_q\) with q ≥ 49 a square. Third, we present an infinite family of ideal schemes with t-strong multiplication that does not rely on algebraic geometry and that works over every finite field \({\mathbb F}_q\). Its corruption tolerance vanishes, yet still \(\frac{3t}{n-1}= \Omega\left(\frac{1}{(\log\log n)\log n}\right)\). Fourth and finally, we give an improved non-asymptotic upper bound on corruption tolerance.